The new Global Threat Intelligence Report (GTIR) shows that cyber crime has become more professional and more dangerous than ever before, for companies and individuals alike. In addition, we still perceive a gap between the obvious and widely accepted threat and the willingness to invest in a professional and holistic security approach. Data theft and fraud are among the biggest risks to the economy, as the last World Economic Forum report also documents.

We all know that no security plan is guaranteed. There will always be some level of exposure, but defining an acceptable level of risk is important. Organizations are starting to understand that, by default, every employee is part of their security team, and they are seeing the value in security awareness training – knowing that educating the end user is directly connected to securing their enterprise.

Attackers are targeting users more than ever, and this is evidenced in our new Global Threat Intelligence Report (GTIR). Analyzing global threat trends, the data shows that nearly 73% of all malware globally was delivered to its victims through a phishing attack. Furthermore, over half of the world’s phishing attacks originated in the EMEA region.

The same report reveals that some of the biggest regional differences were related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45% started in EMEA – more than the Americas (20%) and Asia (7%) combined. In addition, 45% of brute force attacks that targeted EMEA customers also started in the region.

So while phishing attacks affected organizations everywhere, EMEA unfortunately emerged as the top region for the source of these attacks. These figures, combined with those for brute force attacks, should serve as a warning for any organization doing business in EMEA, especially with the General Data Protection Regulation (GDPR) around the corner. Any organization processing data belonging to EU citizens needs to demonstrate that its information security strategy is robust. Time is running out and, quite often, the complexity of combining the business analysis for GDPR compliance with a technical implementation will require a special effort to handle the distributed landscapes of modern enterprises, with their thousands of mashed-up applications.

Such a strategy should also include security policies that are more helpful to employees. The good news is that, at NTT Security, we are starting to see organizations expanding cyber education and ensuring employees adhere to a common methodology, set of practices, and mindset. Our clients understand that assisting and coaching their employees (end users) on the proper usage of technology will only enhance the organization’s overall security posture. However, we recommend combining awareness and coaching with an integrated risk and threat analysis, the simulation of attack scenarios, and a prevention system based on threat intelligence and professional detection and response solutions (MDR).

With mobile use, remote access, cloud services, virtualization, and other technological advances, access to most organizations’ enterprise perimeters is expanding. The dynamics of allowing users to access networks through a wide variety of devices and applications are forcing companies to adjust their current cybersecurity practices. Organizations must now know who their end users are, what role they have and what they should have access to. They must also invest in strong authentication and role-based access, and subsequently harden their authorization processes.

For more information on the threat trends in EMEA, and their impact on organizations, download our Global Threat Intelligence Report: